83336a30478cd8f9f331ce4e824a34508709bab2e607bcaca695f1cbdaf59a0c

Analysis

max time kernel
76s
max time network
79s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21-07-2024 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sp.html
Size

4KB
MD5

47f8398db4582495de543167f72d79b6
SHA1

ed07c39adbc7efc8af7369c424129b4d9719f603
SHA256

83336a30478cd8f9f331ce4e824a34508709bab2e607bcaca695f1cbdaf59a0c
SHA512

4e089fdc20d551f52ffc540531271a12ce18e9a437ad3f4c49a51c84733d4befd86776e449b0fbb58e61d9aecb5b220888a8dc6f3e9cf4d393b312578016f6a4
SSDEEP

96:1j9jwIjYjUDK/D5DMF+BOis10A2ZLimmrRU9PaQxJbGD:1j9jhjYjIK/Vo+tsCZOmmry9ieJGD

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660779622996876"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
2844	msedge.exe
2844	msedge.exe
2144	msedge.exe
2144	msedge.exe
3240	identity_helper.exe
3240	identity_helper.exe
5688	chrome.exe
5688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe
Token: SeShutdownPrivilege	5688	chrome.exe
Token: SeCreatePagefilePrivilege	5688	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
2844	msedge.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe
5688	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 5044	2844	msedge.exe	81
PID 2844 wrote to memory of 5044	2844	msedge.exe	81
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 3824	2844	msedge.exe	82
PID 2844 wrote to memory of 4504	2844	msedge.exe	83
PID 2844 wrote to memory of 4504	2844	msedge.exe	83
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84
PID 2844 wrote to memory of 4104	2844	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sp.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff9b813cb8,0x7fff9b813cc8,0x7fff9b813cd8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,9374620117409473871,12952572694377651322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1904 -parentBuildID 20240401114208 -prefsHandle 1832 -prefMapHandle 1812 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2734ddd-9977-4cef-86f8-2cd3ad0d8c0a} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" gpu
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 25785 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0641f768-4839-4992-9e90-6a91134fefe1} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" socket
    3⤵
    PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 25926 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c4bdb0-7bcf-4ac7-bdc4-a2f51562b7f5} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:4612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3596 -prefMapHandle 3104 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ab5862-3bbd-4cc6-b156-75c275094259} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4592 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4596 -prefMapHandle 4388 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff83f74-d8e1-40d7-a033-3c77ba57b80d} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" utility
    3⤵
    - Checks processor information in registry
    PID:5536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5196 -childID 3 -isForBrowser -prefsHandle 5496 -prefMapHandle 5516 -prefsLen 27071 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {747b62ba-1f3e-40cd-bb89-3f0da0d814a0} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5484 -prefsLen 27071 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49228e3d-b6cf-49d3-80e5-c1f57788192c} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5988 -childID 5 -isForBrowser -prefsHandle 5720 -prefMapHandle 5916 -prefsLen 27071 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc9ffe1d-edd0-4a05-a113-c46bb0f719c9} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6124 -prefsLen 29355 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e4d75f-15c5-49be-ab33-e1e83cb5335a} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 7 -isForBrowser -prefsHandle 6284 -prefMapHandle 6288 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39da3a94-83b7-4c27-b67d-ac96518f77e9} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:5960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8617cc40,0x7fff8617cc4c,0x7fff8617cc58
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2000 /prefetch:3
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1728 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3732,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3516,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4932,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3660,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4928,i,14275058169352199030,17753762531833589366,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1332

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d73ca2992952f623acc5ef5fa8078e16

SHA1
5812fd60a1bf47c62b4383a2d0634282ca06e6ad

SHA256
a83099854a42387a953c180b0bc44729e8730818ec1909ad13d8a107f72b2faa

SHA512
a9185c64beb2d73648bd3ef07e864cc6a5fac5ce785b17bab43ec304426b4823bd289e0d51d13677260bda2e2289eaf4ea8376dc48f4600e2a4c07452fe62838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ec6e4224d121c79ca84e11b8c8c4ef0f

SHA1
ce15121ace61a99c44c126831a10adea6fcd9057

SHA256
72d30db10b92942e40724a7183bed80ea9ee950f16c9dd9bfc73eef9617b8bd6

SHA512
07925c7eb6b4ea46f16b264cd0c2fc15b03aa64baa440febad9bf7c70eae7058b05625911d31518c23f208119592e08616346abe8c6c251ab91a8df71373f0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cc6a6e23798fe209d16dbeee52aa782e

SHA1
dd29aeebc437ef76ffa498cd34b6735ac4648356

SHA256
d300abd4a536586e5bde481a0164d7be953bad89d271c15ea085fd8ebf087200

SHA512
e9ac5f8dea9476d50cbcef3454e26817a01f0a4fda830c0435ce9cba4435510f8877421ffd0a4de7bfd5aeeb71fcc10188fcd107a3bf0d30f8e18c93fb0bece9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e00aaa7ca8fbf99c870787243e32aa6

SHA1
eda9462c27a58b31ed42a3c7a5edda5915a8e3bf

SHA256
256b28c543c1321dd2a958bed08b5a65b0e5d040418369493dd48212f588de3b

SHA512
24d4baf5b6297d7eb125a1e28ce93592d3397494e6ce8dc1626d79f031c1cf3ded7eb260898201bcccf10f6423d2e1e1893edc50c1e814a926c6212688b0f509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5facd9e54f3829af912fc53ad1e809e1

SHA1
5a4e2fa3fb77049037595bbbb95ab25776349072

SHA256
224ab2e0ef1783cdd98485d99107ddaf49c64f14d96b5e78e0d88ca2b58cdb9c

SHA512
a552cce5e350fb8b66c006c19acd6eb5cd02bf437cba077b146e6d18e5dd9d2ac45580bbb5104c946e575089ce1ebf434f18edbd8bc36e167c0f9a016e7d65ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dbea74168eb0479f27570696533e2a75

SHA1
45756df7cce96e704bd33424f2cb306b7dcc8a6d

SHA256
713bc1893d4e6e42f71fc0107e3c2e3cfe45279ec95ae6825b5a47ffc646fcac

SHA512
a11cc0b91de362aa1e8a5bb13734e3d213bf3a3cd9a5a2d6475e09b635e6417aff8524e39eb27abd4b722b7e2388c9c2a13f623b7bfee2ec18c173a12117ec28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
d609a1bd52aeeed1fe389b1ea1e6724b

SHA1
ae1111f52fc783286fc982d5579a14f5a05d0c69

SHA256
514753fd272102b5540656a33e5ab27d1c89a7822e4be0dae729bea3a33191f7

SHA512
6a6c349c671e63d47b2f31b2de7dc2b1f964998ea79e052a22c57e7053543873b6c14fcc7bf41c14dfdb9ce97ae502bf279ec019712668790a69d766efc4550c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
de5d15a35ec66234dd191ae4a59fb7b6

SHA1
81ac5dc7fccd0b330b918cf30a0b526c1bdcad25

SHA256
00465e2393369e1119b6a123e88484492e914adafbfde01fe6a028e4ed861c44

SHA512
f671cd4c3810f1c76aa17dda19d774beab787254fe1bbb2e695848bd9c6fe8a8b71a7986bbcbd07cf1ebb14a2b33aff26b36ffefc0789a63bbb5dc042a48cee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bcd17379f30a3714f4799fc7a3232728

SHA1
44a56f1c6581229e9abed41cce2c2df022a39af7

SHA256
c67a27af163f80bcccc9e9f314d9093e0264703f87eb321b65b85f4749369532

SHA512
ba385d3fa9c04396d4b0959875db36d0996dd4d73a159cb0e7d912874b2dd808bcb466a6f5836a41fe43fdd8878db5a1ed56e58ac7ff99d951a6c4a3a7f96460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8fa6bcca34eace81884263653efcf87

SHA1
b44d6c4a0014336356b01a5033cbe9f34a4c16f1

SHA256
724b6db002448a4b9d181e86b81b1468b4585c60649158bc1132258184515cff

SHA512
3c7ddb2da591c4fcd5d1c09aa61518cbe445e1a86a304a67d0c7d643fe13d9095cd32886c25170e3cdda070356bf6679439c7068d8b225c40293b37fa7fa3e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15eb7aac4e5b9138390e169d0258a339

SHA1
ececfc43a44975693b2bad139e56924145037bdb

SHA256
9dcc3f40d83d43f52a77e36850cf3e9b3a1e1da380ed879db1c563801ab095c0

SHA512
50f07896c6d6a022e601f67ae9e02eb8831619d5ca250ad06af7ee5e9491a86bf24a45e687d69cbce82c88f544ac3f1753b99c4cf522a7e105708d628c21d64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ae27536dbbde99ccbe5f37bd1f0dc1c

SHA1
64d30159ea7708537ac3631b3620d81adf50e84a

SHA256
eb792195dc37619da1b389119fa79cdb4881076f170f9083ea5f5eae1b94cf0b

SHA512
fa189029a96b0407c3d2946dcfd059b741f0faa8e113d1f7a2b709aa16358bb7de18f77d91d08b4ab350de132b1628a85a71f80cba7948f464cbc95342b5f667

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0xshw2k.default-release\cache2\entries\EA75CF7AB71460276A54D00E4155F850E72BFB79

Filesize
109KB

MD5
dda45ba9ef92e03d9389a741f0d553b9

SHA1
b873733999d8e12f7bc49a4e6b6825fd43ff1d89

SHA256
dcd890885b46f9eaece9425b97fd39edec2aca7b60a774cb1d7be1fe1897a1eb

SHA512
f15940e0664d71aa0b7eba1c44c12a0085b5547d22675e5db881732dac3dfdcc2dccf9ad8ca6932c5c2cb193fd36ac53d30de9c3d349e3cbbbcf48a3464d054b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\AlternateServices.bin

Filesize
8KB

MD5
334147cb1138838707a92f28b84ffb92

SHA1
1c803fd928e6908d705379a8c2cea4e1a3ff6f88

SHA256
a393409b0431c1ccdf999a0f33bbb8ef38b048dc20a17d8c214738531f468d40

SHA512
f830ced935f01e6926097d576f025fb1c55e847f27a09dac59d0755fa301a572b5f73dfe34167e4ca45cf41377bb1171e84a86d59c7a2f384de1c45b625d8f41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\AlternateServices.bin

Filesize
16KB

MD5
ecd06286ee5ec2af91b4429772362a72

SHA1
c4476fa83617adc88ca1c0c84785c972905ad6e5

SHA256
3c0fe0c2253693a5b4311e98329ab6c084ff705cef1f69c9adce8a47e554ba2a

SHA512
1b3e18476816822c0dec50cf0aeaf1e34f87464889ad11d4c29dd3ff7951e4655ad1884d38c9cd5a8b5dd0d45cb501e45e066aab73f82928c7297e8300173417

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8e2c10d16085017f8dfdb4c439c84aa9

SHA1
3487d7577f88f0733ea42c1d14b4584a9d8f2b16

SHA256
bca7238e9559c127e4d97e1d45f944921e37929e6270024c5ce5a3acf789382f

SHA512
64f7af374bda2b0a0eb6e9a2722a69ad4207c679e49314625ad426de244c5ca95d134420b54a1f7bc44a0805669d6057f3bde75dd937fc3aa62b7af51f7ffa91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
79ba60a3c7e8cf03a996603809ff7abb

SHA1
42712eb4db375c57d8afb9b2600e3d0c5e360adc

SHA256
b26dcaff41284ebc614b0034cae51825a0b18047e297043f1ef9d628a63ed935

SHA512
ad2a82d1efb2c1226b636dc2b5cbd7ce7ee08831235201b5fef825855f78f8c464e46b697864f15caa82045e3de02f727973fdb2b05cb25fcc37aebc4cd1b87a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\2f8c7cc6-a0a2-4ddc-a2c5-fef36cb07d0d

Filesize
982B

MD5
6410fc1c84fc3a0f1c68f7d04e619e82

SHA1
797999d82514531453378506a41862d0a332e690

SHA256
1915f50c04672c38eed173e0046280c70e1a689f9f4ad4b0f27dfd5c85c1aa23

SHA512
e273f8b773d26ec875d72932dc303f5f4d5015eb20370c968dc445a21488982b80c01af765cd560d7aafbc49eef53dfda8387efc481d839b4e0e2f9f95fb98dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\b49e73d7-3ecd-4ab0-9804-4bafc35614bf

Filesize
671B

MD5
68881103855c7996ea9ff532d0b80cda

SHA1
7918d088c181629e0c4110e291ce7f54448adb3d

SHA256
eacd4d7f3534ffe8efe118541f14a6fe802f27d47b5bb8f765f99bfa2ae0c9f8

SHA512
4972a8c4ec6ef0500ebf48a77d849acfe2ea8f16c130189e390dfa5107b37583a7af37d13516df349ea786617c984c347ad4208ce557f03ea7202c51bd22ef3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\datareporting\glean\pending_pings\eae0aef6-116b-46d0-8df2-17f89f7ff92c

Filesize
26KB

MD5
d2662eb9cb1972be52399e24f5564b82

SHA1
904d82ced11a9201fb42fe8fa76a02eb39c3bd02

SHA256
ef25d62ed675011cfa0b20bb164f84bb902a7f8577e7b8629bdba737959827a0

SHA512
88789ef6463db6067918017c2732a4d8d2c4854502072f7d181ebfc53624afa2da06eb2ed9f926d323611fec688e4d6913f99dcb55754b970864f1bf25abada6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js

Filesize
11KB

MD5
21ea213d0e808d680eac98ab38240651

SHA1
0f70ade177c4cc99cd5ed9f1f9e4d4655b5cebaa

SHA256
2f2250562370c49b27c5e5d9cd81b1df7eb1ad5f3cffdb09fa374ca7111d5382

SHA512
2c89d8b037910ea6b5099c3dfdd3e3d388270e340e836577048d513aa88addc67f5f742745f8193e02858c0f9261c022836c95788268a2558be83024a784f116

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs-1.js

Filesize
11KB

MD5
f9af53cfeb4aa060dd7cad0ea2cc8369

SHA1
f47e63a89309b94154f0773f9b28a751cb2d0553

SHA256
ec80171ef903ebcf6867daddf5f409e995fcf19c44963d5e8e278b0f9572f34c

SHA512
5970a7de7bdcaa8a36eb4050dc1bf13c58f00e5af5f8cbf48eff50cdfb45e94f11d27dfeae8a164005cd2953c1f3aff95304753012f33fe5f24ff37935684473

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs.js

Filesize
8KB

MD5
eebe06238f0ae601f1246fa3c0fee90e

SHA1
e54ae0d3c02cba86749cad6380ae5a0e5075dcff

SHA256
90a7300914ad0300b2816e3e55474ea5b5ce461753af182b37b223c6be335132

SHA512
9b5411c34bffc2f25cd0e814cc121c27bc9b662f8462c956fc83ef6a8157f44617535ce1a135932eeda7627202079454f75cea3df98b4fd2507c45e00d4c8fa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\prefs.js

Filesize
8KB

MD5
46276a48e65f39a39002454e2a77d4d3

SHA1
035f83f9f21551d217843b0ed2dec9091a388cf0

SHA256
eb827b0be37a0655b43048d58d6df97775157c3c5764a844e633ab1c352eeec5

SHA512
085bd2f1ef836610fd6278b52a12e7b0aa1b67d760c903a662367ee12f835f2c3e6f875686e6cd4a66ede14516f672e320f2b65da331ef9b5d03552fc71b0eb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
031738a68d714311b1afa155409a2bf9

SHA1
e318dd4ace3bf05339bc60e21bc145086fc24b95

SHA256
86a4e3a9afbed714ccebcb4e57f1b8770b8cdcf39f1a309012550f17fa08e273

SHA512
d9f22999e6c0a7712237430bee11b29c77e805099c4fd5b2455a482e27de36e4d47b56b82510c942d577dcb3011c4a5d5cee8cdfc5333ebbdff00568ecf96af6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
5be55fe58803212c82c2a59937fc23b8

SHA1
b1f2517fe3a50a341b3e019227c79ae34406c487

SHA256
8032117024fe9897db93fc5f2d85c43603e289c9302340bbf3b62d70d9e4724e

SHA512
647c72462a12052eadd3ae891cb9e400de77ff57f8253ca0787033da257f9eea96b9b431e6ffc8a24be91d7d50afbaed0a9d9fe9f33cf7bc172c33c9a7acaacc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0xshw2k.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
544KB

MD5
bec9ce630a998fbfc961b25f2216d317

SHA1
e0d30d17dd38b848cc56063d5d5f35e586279890

SHA256
57f63d89c9d01bb4a8c8d304e4167204a3704fabba2068d7f48c9470b184ecd4

SHA512
bc6f1feb57f2cb3d1494da8b17164cf2acfc021bdaa0ef79786c8b12741b1e969fa3d45e6f20abee3fe1d1077ba5370591453a65741d87882e459b5d2d7d6735

Download Submit